I ran the scan and it found what the other programs missed, like Look2Me, but the link you gave didn't give me a program with a 2 week trial. It is telling me that if I want to remove what it found I have to subscribe for 1 year... It also doesn't give me a log file for me to post here.

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application."... then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

Hi,
Now, we have to remove them!
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter.
It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If, after the reboot, the log does not open, double click on it in the l2mfix folder.

Ok I did as you asked. I did note something that may have been an error but may not have been. I saw the program say something along the lines of "error: unable to run second.bat from C:\windows\system32\"
Which is odd since second.bat is in the l2m folder on the desktop, not in sys32...

EDIT: One other thing. Whatever the program did, I now seem to have access to Windows XP security updates which I wasn't able to get before because of the crap on my computer. Should I get those updates now ASAP or wait until the system is fully clean first?

Anyways, here's the log and a new hijack log. You'll see that there's still a "f00olad31d0.dll" in system32 which is part of l2m.

Ok I copied second.bat to system32 manually but the program gave the same error message. After the main l2m program ran (but before I let it reboot) I tried to run the second.bat file but I got an error "Second.bat is Not intended to be run on its own"

Since nothing has changed from last attempt I'm guessing I'll still have the same leftover l2m files as before which allowed l2m to reinstall itself upon boot up.

I was wondering. The first program you recommended gave me a list of about 6 dll files in my system32 folder and guard.tmp. Even though it won't let me "clean" them, can't I go into safe mode and manually remove them with killbox? Would that completely remove l2m? Or at least destroy it enough that it can't fix itself. I could live with a couple harmless registry entries that point to nowhere as long as it doesn't hurt anything or allow l2m to fix itself.

Go to File Menu (in NotePad) > Save As and type the filename as Fix.REG and save the file. Exit from NotePad.

Reboot to Safe Mode.

Now, run Procexp.exe (Process Explorer). It will display the list of running processes. Now, double-click on Winlogon.exe process to open its properties window. Here, click "Threads" tab. In this tab, DLLs loaded by the Winlogon.exe are listed. Locate the following filenames in that list and if you find them, select them one at a time and click "Kill" button to unload them.

Click "OK" to exit from Winlogon.exe properties window.
Now, in Process Explorer main window, double-click on Explorer.exe process to open its properties window. Here, click the "Threads" tab and locate the same files mentioned above and if they are found, kill them.

Then in Killbox, paste it in the "Full path of the file to delete" textbox and click the Red X button to delete it.
Similarly, copy the second filepath from the above "Quote", and then paste it in KillBox and delete it. Repeat this step for the remaining files too (delete only one file at a time).

Double-click on the Fix.REG file and click "Yes" to merge it to Registry.

Finally, restart the PC to Normal Mode. Download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here.

Swatkat, sorry man but I was sick for a while before I got to your last step. I then had some problems with my internet connection. I didn't mean to just leave it hanging like I cleaned up my system and just left you hanging without even a thank you.

Anyways, I'm feeling better and my internet is back up so I'm ready to do this last part. I did run into 1 problem. I got an error with Process Explorer when I went to "Threads" where it told me that my dbghelp.dll wasn't good enough for the "Threads" tab to work properly. I tried to update it but couldn't find a more up to date version. I even followed the link offered by the program and installed the "debugger" software offered by MS. Threads shows a long list of this over and over... "!RegisterWaitForInputIdle+0x4a"

On top of that 1 problem I also figured there may be new problems in the Hijack This list that you may need to account for now so here is a new scan.

I d/l the file and followed your instructions but after the 10 sec the program never came back up. I tried the "start/run" cmd line and it did nothing. I also checked the mswinsck file and I have the file and the correct version.

I did run the version of Spysweeper that D3m3nt3d linked to and that version allowed me to remove what it found, and it found everything, or close to it. I don't have any popups anymore and my system seems to run a bit better.

Here is another Hijack report in case the program missed anything. Hopefully we won't need to worry about fixing this look2me-destroyer problem.

Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named Local Security Authority Subsystem Service (lsass) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".

I don't know if I'm having spyware problems or not, but I cannot seem to load some pages that I used to load. That mainly goes for Trend Micro Online scan which I often used before and now it just doesn't load completely so I cannot use it anymore, in Firefox as well as in IE. I have Norton Internet Security 2005, and I ran Hijack This, so here is the log... (if someone sees something malicious in there, please say so, because I'm not familiar enough with that stuff. Thank you!).

Thanks! I also don't think that it is a spyware problem, but something with my internet settings. When I tried to download some Java update it complained about my proxy setting, but I'm using ADSL so.. :-|